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DETAILED ACTION 
Response to Amendment 

1 . This Office Action is responsive to the amendment filed May 4, 2005. 

Response to Arguments 

2. Applicant's arguments filed May 4, 2005 have been fully considered but they are not 
persuasive. 

3. Applicants argue, "there is no motivation to combine Gifford and Bishop, as the problem 
solved by Bishop was already solved in Gifford". 

4. In response to applicant's argument that there is no suggestion to combine the references, 
the examiner recognizes that obviousness can only be established by combining or modifying the 
teachings of the prior art to produce the claimed invention where there is some teaching, 
suggestion, or motivation to do so found either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 
USPQ2d 1596 (Fed. Cir. 1988) mdln re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 
1992). Therefore, whether or not the problem was previously solved in not relevant. If, as 
asserted by Applicants, the problem was already solved, it only provides additionally support 
that Applicants' limitations are old and well known in the art. 

5. Applicants argue, "there is no suggestion that a component of the challenge message is to 
be displayed to the user and then digitally signed by the buyer"; however, the examiner 
disagrees. Notice, Bishop et al. teach receiving a challenge message and forwarding the 
challenge data to a browser as signature request message. Later, a smartcard suitably signs 



Application/Control Number: 09/8 1 8,084 Page 3 

Art Unit: 3621 

the block. It is known in the art that browsers are utilized to view documents; thus, the data of 
Bishop et al. is forward to the browser, which implies that the document will be displayed and 
later signed. 

6. Applicants argue that Shwartz does not make up for the deficiencies of Gifford and 
Bishop. The examiner directs Applicants to the previous of action, which illustrates that Shwartz 
overcoming the deficiencies of Gifford and Bishop. 

7. Claims 35-55 have been examined. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. . Claims 35, 37-42,44-49, 51-55 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over U.S. Patent No. 6205437 to Gifford in view of U.S. Publication NO. 2004/0243520 to 

Bishop et al. and US Publication NO. 2001/0044787 to Shwartz et al. 

Referring to claims 35 and 42, Gifford discloses storing a public key associated with a 

public key infrastructure (PKI) key pair in a profile database (see col. 10, lines 37-42), in 

response to receiving an authentication request from a buyer over a network, the authentication 
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request including a description of the payment transaction and an identity of a seller (see col. 6, 
lines 16-32), storing a digitally signed record of the payment transaction in a transaction archive, 
i.e. "transaction database" (see col. 8, lines 16-19) and sending an authentication response to the 
seller over the network (see col. 6, iines 52-61). Gifford does not expressly disclose sending a 
challenge request to the buyer over the network, the challenge request including a summary of 
the payment transaction to be displayed to the buyer and then digitally signed by the buyer using 
a private key associate with the PKI key pair, or in response to receiving a challenge response 
from the buyer over the network, the challenge response including the digitally singed summary 
of the payment transaction, determining whether the buyer has access to the private key by using 
the public key to decrypt the digitally signed message. Bishop et al. disclose sending a challenge 
request to the buyer over the network, the challenge request message to be displayed to the buyer 
then digitally signed by the buyer using a private key associate with the PKI key pair, or in 
response to receiving a challenge response from the buyer over the network, the challenge 
response including the digitally singed message, determining whether the buyer has access to the 
private key by using the public key to decrypt the digitally signed message (see paragraphs 
[0094] & [0095]). Shwartz et al. disclose the challenge request including a summary of the 
payment transaction (see paragraphs [0182]-[0184]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Gifford to include the steps of sending a challenge request to the buyer over the network, the 
challenge request including a summary of the payment transaction to be displayed to the buyer 
and then digitally signed by the buyer using a private key associate with the PKI key pair, or in 
response to receiving a challenge response from the buyer over the network, the challenge 
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response including the digitally singed summary of the payment transaction, determining 
whether the buyer has access to the private key by using the public key to decrypt the digitally 
signed message. One of ordinary skill in the art would have been motivated to do this because it 
protects the network server from attacks and improve the ease and safety of electronic commerce 
for consumers (see Bishop et al. & Shwartz et al). 

Referring to claims 37,44 and 51, Gifford discloses the method wherein the record of the 
payment transaction is digitally signed using the private key (see col. 10, lines 43-45). 

Referring to claims 38,45 and 52, Gifford discloses the method wherein the record of the 
online transaction is digitally signed using a local private key (see col. 10, lines 48 & 49). 

Referring to claims 39,46 and 53, Gifford discloses the method wherein the public key is 
stored in the form of a digital certificate representing that the public key is tied to the buyer (see 
col. 7, lines 44-46). 

Referring to claims 40,47 and 54, Gifford discloses several databases including account 
database storing account information and an address database storing shipping address 
information (see col. 8, lines 12-24 and 33-36). Gifford also discloses receiving a selection of 
one of the plurality of payment instruments (i.e, "means of payment") and one of the plurality of 
shipping addresses from the buyer over the network (see col. 5, lines 34-50; col. 8, lines 33-35). 
Gifford does not expressly disclose retrieving a buyer profile from the database, the buyer profile 
including a plurality of payment instruments and a plurality of shipping address and sending the 
buyer profile to the buyer over the network; however, these are inherent steps. Before selecting 
the method of payment and address information, the buyer must first be provided with his 
profile. 
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Referring to claims 41,48 and 55, GifFord discloses processing the payment transaction 
via a payment gateway (i.e. "payment computer") see col. 6, lines 12-14. 

Referring to claim 49, Gifford discloses a profile database, i.e. account database and 
address database, transaction archive, i.e. settlement database" (see col. 7, lines 66-67 & col. 8, 
lines 1-7) an authentication service web server (i.e. "payment computer") coupled to the profile 
database, the transaction archive and the network, the authentication service web server 
adaptively configured to (see col. 4, lines 46-55) store a public key associated with a public key 
infrastructure (PKI) key pair in a profile database (see col. 10, lines 37-42), in response to 
receiving an authentication request from a buyer over a network, the authentication request 
including a description of the payment transaction and an identity of a seller (see col. 6, lines 16- 
32), store a digitally signed record of the payment transaction in a transaction archive, i.e. 
"transaction database" (see col. 8, lines 16-19) and send an authentication response to the seller 
over the network (see col. 6, lines 52-61). Gifford does not expressly disclose the web server 
adaptively configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. Bishop et al. disclose sending a challenge request to the buyer over the 
network, the challenge request message to be displayed to the buyer then digitally signed by the 
buyer using a private key associate with the PKI key pair, or in response to receiving a challenge 
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response from the buyer over the network, the challenge response including the digitally singed 
message, determining whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz et al. disclose 
the challenge request including a summary of the payment transaction (see paragraphs [0182]- 
[0184]). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the method disclose by Gifford to include the steps of the web server 
adaptive ly configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. One of ordinary skill in the art would have been motivated to do this 
because it protects the network server from attacks and improve the ease and safety of electronic 
commerce for consumers (see Bishop et al & Shwartz et al.). 

10. Claims 36,43 and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gifford, Bishop et al. and Shwartz et al. as applied to claims 35, 42 and 49 above, and further in 
view of US Publication NO. 2001/0014158 to Baltzley. 

Gifford discloses PKI key pair (see claims 35 and 42 above). Gifford does not expressly 
disclose creating the PKI key pair, and sending the private key to the buyer over the network. 
Baltzley discloses creating the PKI key pair (see paragraph [0010], and sending the private key 
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to the buyer over the network (see paragraph [001 1]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Gifford to include the steps of creating the PKI key pair, and sending the private key to the buyer 
over the network. One of ordinary skill in the art would have been motivated to do this because 
it prevents fraud by providing additional security. 

Conclusion 

1 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 . 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 571-272-6714. The 
examiner can normally be reached on Mondays-Thursdays 8:30 -7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone number for the 
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organization where this application or proceeding is assigned is 703-872-9306 for Regular/After 
Final Actions and (571)273-6714 for Non-Official/Draft. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Any response to this action should be mailed to: 
Commissioner of Patents and Trademarks 



P.O. Box 1450 
Alexandria, VA 22313-1450 




Jalatee Worjloh 
Patent Examiner 
Art Unit 3621 



July 19, 2005 




